• Journal of the Korea Society for Simulation
• /
• v.19 no.4
• /
• pp.139-149
• /
• 2010

Internet was designed for network scalability and best-effort service which makes all hosts connected to Internet to be vulnerable against attack. Many papers have been proposed about attack detection algorithms against the attack using IP spoofing and DoS/DDoS attack. Purpose of DoS/DDoS attack is achieved in short period after the attack begins. Therefore, DoS/DDoS attack should be detected as soon as possible. Attack detection algorithms using false alarm rates consist of the false negative rate and the false positive rate. Moreover, they are important metrics to evaluate the attack detections. In this paper, we analyze the performance of the attack detection algorithms using the impact of false negative rate and false positive rate variation to the normal traffic and the attack traffic by simulations. As the result of this, we find that the number of passed attack packets is in the proportion to the false negative rate and the number of passed normal packets is in the inverse proportion to the false positive rate. We also analyze the limits of attack detection due to the relation between the false negative rate and the false positive rate. Finally, we propose a solution to minimize the limits of attack detection algorithms by defining the network state using the ratio between the number of packets classified as attack packets and the number of packets classified as normal packets. We find the performance of attack detection algorithm is improved by passing the packets classified as attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.29-39
• /
• 2002

In general, the intrusion detection method of anomalous behaviors has high false alarm rate which contains false-positive and false-negative. To increase the sensitivity of intrusion detection, we propose a method of aggregate detection to reduce false alarm rate by using correlation between misuse activity detection sensors and anomalous ones. For each normal behavior and anomalous one, we produce the reflection rate between the result from one sensor and another in off-line. Then, we apply this rate to the result of real-time detection to reduce false alarm rate.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.51 no.1
• /
• pp.37-41
• /
• 2014

Recently, a lot of research efforts has been directed toward spectrum sensing techniques exploiting the some characteristics of power spectrum. Among them, a sensing technique employing the maximum of power spectrum as a test statistic has appeared in the literature and its false alarm probability was also derived under the assumption that the test statistic follows the Gaussian distribution. This paper provides an exact form of the false alarm probability without using the assumption and compares it with the previous work.

• Journal of Satellite, Information and Communications
• /
• v.8 no.1
• /
• pp.66-70
• /
• 2013

In this paper, Threshold setting method is proposed to improve detection probability for cooperative sensing. Even if cooperative users have all same false alarm rate, each user has different threshold due to pass ad-hoc channel. threshold level is related to detection probability. So, we select the highest threshold among cooperative users and then share threshold information for getting the high detection probability.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.4
• /
• pp.989-1005
• /
• 2012

In this paper, throughput of IEEE 802.11 carrier-sense multiple access (CSMA) with collision-avoidance (CA) protocols in non-saturated traffic conditions is presented taking into account the impact of imperfect channel sensing. The imperfect channel sensing includes both missed-detection and false alarm and their impact on the utilization of IEEE 802.11 analyzed and expressed as a closed form. To include the imperfect channel sensing at the physical layer, we modified the state transition probabilities of well-known two state Markov process model. Simulation results closely match the theoretical expressions confirming the effectiveness of the proposed model. Based on both theoretical and simulated results, the choice of the best probability detection while maintaining probability of false alarm is less than 0.5 is a key factor for maximizing utilization of IEEE 802.11.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.3638-3654
• /
• 2014

Cognitive Radio (CR) users need to sense the environment or channel at regular time interval for sharing the spectrum band of the primary users (PUs). Once find the spectrum idle, CR users start their transmission through it. Even while transmitting, they need to continue the sensing process so that they can leave the spectrum immediately whenever find a PU wanting to use the band. Therefore, detecting PUs is one of the main functions of cognitive radio before transmission and higher the detection probability ensures better protection to the primary users. However, it is not possible to attain a high detection probability (or a low miss detection probability) and low false alarm probability simultaneously as there is a tradeoff between false alarm probability ($P_{fa}$) and the probability of detection ($P_d$). In this paper, the author has provided a comprehensive study on different sensing techniques and discussed their advantages and disadvantages. Moreover, it is expected that, with this article, readers can have a through understanding of sensing techniques in CR and the current research trends in this area.

• ETRI Journal
• /
• v.16 no.1
• /
• pp.17-34
• /
• 1994

In this paper, we present an architecture of the constant false alarm rate (CFAR) detector called the generalized order statistics (GOS) CFAR detector, which covers various order statistics (OS) and cell-averaging (CA) CFAR detectors as special cases. For the proposed GOS CFAR detector, we obtain unified formulas for the false alarm and detection probabilities. By properly choosing coefficients of the GOS CFAR detector, one can utilize any combination of ordered samples to estimate the background noise level. Thus, if we use a reference window of size N, we can realize $(2^N-1)$ kinds of CFAR processors and obtain their performances from the unified formulas. Some examples are the CA, the OS, the censored mean level, and the trimmed mean CFAR detectors. As an application of the GOS CFAR detector to multiple target detection, we propose an algorithm called the adaptive mean level detector, which censors adaptively the interfering target returns in a reference window.

• Journal of the Korean Institute of Telematics and Electronics B
• /
• v.29B no.1
• /
• pp.50-57
• /
• 1992

This paper proposes and analyzes a new CFAR(Constant False Alarm Rate) detector called the EXGO(Excision Greatest Of)-CFAR. This is the combination of the EXCA(Excision Cell Averaging)-CFAR that shows a good performance under the influence of interferences and the GO(Greatest Of)-CFAR that fights well with clutter edges. For the performance analysis, the formulas for the detection probability and the false alarm probability are derived and computed, and the results are compared with other existing CFAR detectors. Our analysis shows that the proposed EXGO-CFAR considerably improves the false-alarm-rate performance of the EXCA-CFAR at clutter edges while maintaining the high detection probability performance of the EXCA-CFAR in the homogeneous and/or interference noise environment.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.14 no.1
• /
• pp.11-18
• /
• 2019

In this paper, we consider interferences from other automobile pulse radars using same frequency spectrum. In order to eliminate the interference, we propose the PN code modulation method. This method uses the cross-correlation between PN codes with different seed. The ROC performance is used for comparing the proposed detector to conventional method. And the proposed detector can decide the present or absent of targets and measure the range of the targets by using memory buffer of range gate. Especially, we use false alarm probability for all range gates. That is the false alarm if in any one range gate the false alarm occurs. From the simulation result, we can see that the proposed detector with using PN code is not influenced by interferences.

• Proceedings of the KIEE Conference
• /
• 2001.04a
• /
• pp.209-212
• /
• 2001

A flame detector responds either to radiant energy visible to the human eye or outside the range of human vision. Such a detector is sensitive to glowing embers, coals, or flames which radiate energy of sufficient intensity and spectral quality to actuate the alarm. An infra-red detectors can respond to the total IR component of the flame alone or in combination with flame flicker in the frequency range of 5 to 30 Hz. A major problem in the use of infrared detectors receiving total IR radiation is the possible interference of solar radiation in the infrared region. When detectors are located in places shielded from the sun, such as vaults, filtering or shielding the unit from the sun's rays is unnecessary. In this study, we proposed method for redue a false alarm with using filtering & sensor technology for distinguish of causes of raise a false alarm and pure flame.